I set up some firewall rules and don't quite understand why one is matching.

In the pf states I see the following (pfctl -vvv -s s):

all ipv6-icmp 2001:1600:18:100::278[135] <- fe80::f816:3eff:fe0b:d10e[13665] 0:0
   age 00:00:00, expires in 00:00:20, 1:0 pkts, 72:0 bytes, rule 5
   id: 6a3055bf00041d68 creatorid: 9e0823e3

It references rule number 5 and the rule is (pfctl -vvv -s r):

@5 pass in log quick on egress inet6 proto ipv6-icmp from fe80::/16 to ff02::/16 label "allow LL/multicast IPv6 icmp traffic" [ Evaluations: 263351 Packets: 415070 Bytes: 30115672 States: 224 ] [ Inserted: uid 0 pid 15017 State Creations: 263349]


What I'm baffled by is why it matches for a 2001:... address. Would someone be able to point me to why that is? Am I misunderstanding 'rule 5' == @5?

/Thomas
